Before you use Message Queue for Apache RocketMQ, you must activate it on the Alibaba Cloud official website. If your account is a RAM user, you must grant permissions to the RAM user before you can use the console or API to access the corresponding Message Queue for Apache RocketMQ resources and use the resources to send and subscribe to messages by using SDKs.
Prerequisites
Step 1: Activate Message Queue for Apache RocketMQ.
Step 2: (Required) Grant permissions to a RAM user
- Log on to the RAM console.
- In the left-side navigation pane, choose .
- On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
- In the Add Permissions panel, click the permission policy that you want to grant to the RAM user. Click OK.
Message Queue for Apache RocketMQ provides the following system policies. You can grant related permissions to the
RAM user based on the permission scope.
Policy | Description |
---|---|
AliyunMQFullAccess | The permission to manage Message Queue for Apache RocketMQ. This permission is equivalent to the permission that the Alibaba Cloud account has. A RAM user to which this permission is granted can send and subscribe to all messages and use all the features of the console. |
AliyunMQPubOnlyAccess | The publishing permission of Message Queue for Apache RocketMQ. A RAM user to which this permission is granted can use all the resources of the Alibaba Cloud account to send messages by using SDKs. |
AliyunMQSubOnlyAccess | The subscription permission of Message Queue for Apache RocketMQ. A RAM user to which this permission is granted can use all the resources of the Alibaba Cloud account to subscribe to messages by using SDKs. |
AliyunMQReadOnlyAccess | The read-only permission on Message Queue for Apache RocketMQ. A RAM user to which this permission is granted can only read resource information by using the console or by calling API operations. |
Note System permissions cover a large permission scope. For example, after a RAM user is
granted
AliyunMQFullAccess
that represents full permissions, the RAM user can manage all resources of Message Queue for Apache RocketMQ. Message Queue for Apache RocketMQ provides more custom policies for fine-grained authorization on a specific type of
resource. For example, you can grant RAM users only permissions to manage topics in
the console. For more information about custom policies, see Policies and examples.
- In the Add Permissions panel, click Complete.